Script to test access violations

[xrahd]

I would like to ensure that access violation monitoring is working on my systems (Sol-8). I want to do this by testing the following:
- Failed console logins
- Failed remote/SSH logins
-Failed su
- invaild userid
- empty passwd
Would anyone out there have a canned script, which I can use that will test the above. I would like to perform these test from one script. Any and all suggestions most appreciative.
Thanks in advance for all.

 

[Wonboodoo]

Your script should scan these files:

/var/adm/sulog will hold "su" successes (+) and failures (-).

I think if you "touch /var/adm/loginlog; chmod 600 /var/adm/loginlog" it will save failed login attempts.

I think empty passwords can be found in /etc/shadow (no encryption string).

 

[Soladm]

For logins - You can also check the /var/acct/authlog and /var/adm/messages for login attempts (take a look at the /etc/default/logins file as well to make sure logging is set up).

For empty passwords try using the /etc/pwck (I believe this is right... I know it's /etc/pw** ) or logins -p commands. These will list empty passwords.

Take a look at this link. It has more detailed information about the above suggestions.

http://docs.sun.com/db/doc/805-7229/6j6q8svde?a=view#secsys-ix1694

Have a Great Day!!
~Sol
Sys Admin

 

[xrahd]

Thank you very much for your suggestions. I will try them out and get back to you.
Oh!!!!
Seasons Greeting to you and yours and see you on the other side of '02.

 

[Soladm]

Just wanted to correct myself. The previous post has an incorrect path for the authlog... instead of /var/acct/authlog it should read /var/log/authlog. Sorry for the mix-up.

Have a Happy New Year!!!!
Have a Great Day!!
~Sol
Sys Admin